258936 – Left shift of negative value in JSC::RegisterAtOffset::offset()

NEW258936

Left shift of negative value in JSC::RegisterAtOffset::offset()

https://bugs.webkit.org/show_bug.cgi?id=258936

Summary Left shift of negative value in JSC::RegisterAtOffset::offset()

Xi Ruoyao

Reported 2023-07-06 09:52:18 PDT

JSC::RegisterAtOffset::m_offsetBits is ptrdiff_t, so it's signed. And on most platforms the stack grows downward, so the value if often negative. The C++ standard explicit deems left shift of negative value undefined.

Attachments
Add attachment proposed patch, testcase, etc.

Xi Ruoyao

Comment 1 2023-07-06 11:26:37 PDT

Pull request: https://github.com/WebKit/WebKit/pull/15601

Radar WebKit Bug Importer

Comment 2 2023-07-13 09:53:18 PDT

<rdar://problem/112205512>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2023-07-06 09:52 PDT

Modified

2023-07-13 09:53 PDT History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks